Wireless Popularity: New Security Concerns for a Wireless Age

(Page 1 of 4 )

Ah, the joy of wireless computing...you can access the Internet from your laptop while sprawling on your bed, sitting on a parkbench, or getting your daily fix at Starbucks. But this ease of access brings it with it the specter of security breaches. Michael Swanson explains the historical reasons why the Internet is insecure, and what protocols to use to cut the wires safely.

Introduction

Wireless networking has long been held as the holy grail for network access. The ability to access the Internet from anywhere, unhindered by cables and cords, would revolutionize the way that people view and use the Internet. That holy grail is now here, and is quickly spreading throughout the Internet using public. Recent years have seen these technologies spread to near ubiquity as public hotspots in cafes, conference centers, hotels, and Internet cafes; home users setting up plug-and-play wireless broadband routers; and schools covering their campuses in wireless access points.

All of these things have happened with the headlong rush reminiscent of the early years of the Internet, with little thought given to the more obscure security and infrastructure impact of this new wireless technology. More disturbing is the lack of knowledge possessed by the end-user of, specifically, the special new security concerns inherent in wireless Internet access.

History and Foundation

The extent of the damage caused by this lack of education and lack of thought is yet to be determined in real terms. This is partly because solutions are being actively sought for many of the problems, and partly because wireless Internet is still limited by range, signal strength, and general coverage. However, as some cities move to convert entire downtown areas to wireless hotspots, even this handicap is beginning to lift.

The main problem inherent in this change lies in the underlying insecurity of most application layer protocols. Some history is useful in understanding this issue. When the Internet was in its very first formative stages, with many of the underlying protocols being hashed out by companies and computer science professors at academic institutions, very little thought was given to the future uses of the software they were developing.

Very few considered the fact that these underlying protocols, things like POP, HTTP, FTP, and so forth would be used in the widespread way that they are today. The focus was on building something that worked, in a security-na´ve academic way. The designers of these protocols did not, and most likely could not, anticipate that these protocols would be running on millions of servers across millions of routers and switches as they do today. Nor could they anticipate the types of uses that creative businesses and entrepreneurs would think up to put these protocols to. However, this generally led to these protocols, and many lower level than these even, being designed in an inherently trusting and insecure way.

Even during the years of the Internet bubble, many of these issues weren't terrible problems. With strictly wired networks, it was often difficult and time-consuming to take advantage of any of these flaws. Network routing protocols and switching made it difficult for a hacker to eavesdrop on most network traffic. Thus, only certain types of interactions were necessarily encrypted, those that carried the most lucrative information, such as credit card data. Wires necessarily constricted and controlled where information was going, and prevented it from ending up at the wrong destination. All of this has changed, though, with the introduction of widespread wireless networking.